1 /* SPDX-License-Identifier: BSD-3-Clause
3 * Copyright 2016-2022 NXP
10 #define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec
11 /**< NXP DPAA - SEC PMD device name */
13 #define SEC_BASE_ADDR 0x1700000
14 #define MAP_SIZE 0x100000
15 #define BLOCK_OFFSET 0x10000
17 #define QICTL_DQEN 0x01
18 #define QI_BLOCK_NUMBER 7
19 #define MAX_DPAA_CORES 4
20 #define NUM_POOL_CHANNELS 4
21 #define DPAA_SEC_BURST 7
22 #define DPAA_SEC_ALG_UNSUPPORT (-1)
23 #define TDES_CBC_IV_LEN 8
24 #define AES_CBC_IV_LEN 16
25 #define AES_CTR_IV_LEN 16
26 #define AES_GCM_IV_LEN 12
28 extern uint8_t dpaa_cryptodev_driver_id;
30 #define DPAA_IPv6_DEFAULT_VTC_FLOW 0x60000000
32 /* Minimum job descriptor consists of a oneword job descriptor HEADER and
33 * a pointer to the shared descriptor.
35 #define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ)
36 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
37 #define CTX_POOL_NUM_BUFS 32000
38 #define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx)
39 #define CTX_POOL_CACHE_SIZE 512
40 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024
45 enum dpaa_sec_op_type {
46 DPAA_SEC_NONE, /*!< No Cipher operations*/
47 DPAA_SEC_CIPHER,/*!< CIPHER operations */
48 DPAA_SEC_AUTH, /*!< Authentication Operations */
49 DPAA_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
50 DPAA_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
53 DPAA_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
56 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
57 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/
58 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */
62 #define DPAA_SEC_MAX_DESC_SIZE 64
63 /* code or cmd block to caam */
69 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
71 unsigned int rsvd47_39:9;
75 unsigned int rsvd47_39:9;
84 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
85 unsigned int rsvd31_30:2;
88 unsigned int offset:2;
90 unsigned int add_buf:1;
92 uint16_t pool_buffer_size;
94 uint16_t pool_buffer_size;
96 unsigned int add_buf:1;
98 unsigned int offset:2;
101 unsigned int rsvd31_30:2;
107 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
109 #ifdef RTE_LIB_SECURITY
111 * The structure is to be filled by user as a part of
112 * dpaa_sec_proto_ctxt for PDCP Protocol
114 struct sec_pdcp_ctxt {
115 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
116 int8_t bearer; /*!< PDCP bearer ID */
117 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
118 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
119 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */
120 uint8_t sdap_enabled; /*!< SDAP header is enabled */
121 uint16_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
122 * per packet hfn is stored
124 uint32_t hfn; /*!< Hyper Frame Number */
125 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */
129 typedef int (*dpaa_sec_build_fd_t)(
130 void *qp, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec,
131 uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs,
132 struct rte_crypto_va_iova_ptr *iv,
133 struct rte_crypto_va_iova_ptr *digest,
134 struct rte_crypto_va_iova_ptr *aad_or_auth_iv,
137 typedef struct dpaa_sec_job* (*dpaa_sec_build_raw_dp_fd_t)(uint8_t *drv_ctx,
138 struct rte_crypto_sgl *sgl,
139 struct rte_crypto_sgl *dest_sgl,
140 struct rte_crypto_va_iova_ptr *iv,
141 struct rte_crypto_va_iova_ptr *digest,
142 struct rte_crypto_va_iova_ptr *auth_iv,
143 union rte_crypto_sym_ofs ofs,
147 typedef struct dpaa_sec_session_entry {
148 struct sec_cdb cdb; /**< cmd block associated with qp */
149 struct dpaa_sec_qp *qp[MAX_DPAA_CORES];
150 struct qman_fq *inq[MAX_DPAA_CORES];
151 uint8_t dir; /*!< Operation Direction */
152 uint8_t ctxt; /*!< Session Context Type */
153 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
154 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
155 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
156 #ifdef RTE_LIB_SECURITY
157 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
159 dpaa_sec_build_fd_t build_fd;
160 dpaa_sec_build_raw_dp_fd_t build_raw_dp_fd;
163 uint8_t *data; /**< pointer to key data */
164 size_t length; /**< key length in bytes */
170 uint8_t *data; /**< pointer to key data */
171 size_t length; /**< key length in bytes */
176 uint8_t *data; /**< pointer to key data */
177 size_t length; /**< key length in bytes */
188 } iv; /**< Initialisation vector parameters */
189 uint16_t auth_only_len;
190 /*!< Length of data for Auth only */
191 uint32_t digest_length;
192 struct ipsec_decap_pdb decap_pdb;
193 struct ipsec_encap_pdb encap_pdb;
196 struct rte_ipv6_hdr ip6_hdr;
198 uint8_t auth_cipher_text;
199 /**< Authenticate/cipher ordering */
201 #ifdef RTE_LIB_SECURITY
202 struct sec_pdcp_ctxt pdcp;
208 struct dpaa_sec_dev_private *internals;
209 struct rte_mempool *ctx_pool; /* mempool for dpaa_sec_op_ctx */
217 #define RTE_DPAA_MAX_NB_SEC_QPS 2
218 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS)
219 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
221 /* internal sec queue interface */
222 struct dpaa_sec_dev_private {
224 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
225 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
226 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
227 unsigned int max_nb_queue_pairs;
228 unsigned int max_nb_sessions;
232 #define MAX_SG_ENTRIES 16
233 #define MAX_JOB_SG_ENTRIES 36
235 struct dpaa_sec_job {
236 /* sg[0] output, sg[1] input, others are possible sub frames */
237 struct qm_sg_entry sg[MAX_JOB_SG_ENTRIES];
240 #define DPAA_MAX_NB_MAX_DIGEST 64
241 struct dpaa_sec_op_ctx {
242 struct dpaa_sec_job job;
244 struct rte_crypto_op *op;
247 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
250 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
253 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
255 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
257 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
259 .algo = RTE_CRYPTO_AUTH_NULL,
276 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
278 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
280 .algo = RTE_CRYPTO_AUTH_MD5,
297 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
299 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
301 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
318 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
320 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
322 .algo = RTE_CRYPTO_AUTH_SHA1,
339 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
341 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
343 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
360 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
362 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
364 .algo = RTE_CRYPTO_AUTH_SHA224,
381 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
383 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
385 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
402 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
404 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
406 .algo = RTE_CRYPTO_AUTH_SHA256,
423 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
425 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
427 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
444 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
446 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
448 .algo = RTE_CRYPTO_AUTH_SHA384,
465 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
467 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
469 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
486 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
488 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
490 .algo = RTE_CRYPTO_AUTH_SHA512,
507 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
509 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
511 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
528 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
530 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
532 .algo = RTE_CRYPTO_AEAD_AES_GCM,
557 { /* NULL (CIPHER) */
558 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
560 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
562 .algo = RTE_CRYPTO_CIPHER_NULL,
578 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
580 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
582 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
598 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
600 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
602 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
618 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
620 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
622 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
638 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
640 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
642 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
657 { /* SNOW 3G (UIA2) */
658 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
660 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
662 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
682 { /* SNOW 3G (UEA2) */
683 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
685 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
687 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
703 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
705 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
707 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
723 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
725 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
727 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
748 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
750 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
752 .algo = RTE_CRYPTO_AUTH_AES_CMAC,
768 { /* AES XCBC HMAC */
769 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
771 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
773 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
790 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
793 #ifdef RTE_LIB_SECURITY
794 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = {
795 { /* SNOW 3G (UIA2) */
796 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
798 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
800 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
820 { /* SNOW 3G (UEA2) */
821 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
823 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
825 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
841 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
843 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
845 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
861 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
863 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
865 .algo = RTE_CRYPTO_AUTH_NULL,
881 { /* NULL (CIPHER) */
882 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
884 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
886 .algo = RTE_CRYPTO_CIPHER_NULL,
902 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
904 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
906 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
922 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
924 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
926 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
947 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
950 static const struct rte_security_capability dpaa_sec_security_cap[] = {
951 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
952 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
953 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
955 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
956 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
957 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
959 .replay_win_sz_max = 128
961 .crypto_capabilities = dpaa_sec_capabilities
963 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
964 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
965 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
967 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
968 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
969 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
971 .replay_win_sz_max = 128
973 .crypto_capabilities = dpaa_sec_capabilities
975 { /* PDCP Lookaside Protocol offload Data */
976 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
977 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
979 .domain = RTE_SECURITY_PDCP_MODE_DATA,
982 .crypto_capabilities = dpaa_pdcp_capabilities
984 { /* PDCP Lookaside Protocol offload Control */
985 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
986 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
988 .domain = RTE_SECURITY_PDCP_MODE_CONTROL,
991 .crypto_capabilities = dpaa_pdcp_capabilities
993 { /* PDCP Lookaside Protocol offload Short MAC */
994 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
995 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
997 .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
1000 .crypto_capabilities = dpaa_pdcp_capabilities
1003 .action = RTE_SECURITY_ACTION_TYPE_NONE
1011 * @param buffer calculate chksum for buffer
1012 * @param len buffer length
1014 * @return checksum value in host cpu order
1016 static inline uint16_t
1017 calc_chksum(void *buffer, int len)
1019 uint16_t *buf = (uint16_t *)buffer;
1023 for (sum = 0; len > 1; len -= 2)
1027 sum += *(unsigned char *)buf;
1029 sum = (sum >> 16) + (sum & 0xFFFF);
1037 dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
1038 struct rte_crypto_raw_dp_ctx *raw_dp_ctx,
1039 enum rte_crypto_op_sess_type sess_type,
1040 union rte_cryptodev_session_ctx session_ctx, uint8_t is_update);
1043 dpaa_sec_get_dp_ctx_size(struct rte_cryptodev *dev);
1046 dpaa_sec_attach_sess_q(struct dpaa_sec_qp *qp, dpaa_sec_session *sess);
1048 #endif /* _DPAA_SEC_H_ */